nerdexam
Cisco

350-401 · Question #530

An engineer must configure the strongest password authentication to locally authenticate on a router. Which configuration must be used?

The correct answer is D. username netadmin secret 9 $9$vFpMfBelbRVV8SseX/bDAxtuV. Password Authentication Strength on Cisco Routers Option D is correct because secret type 9 uses the scrypt hashing algorithm, which is currently the strongest password encryption available on Cisco IOS routers - it is computationally expensive to crack and represents Cisco's mos

Submitted by mateo_ar· Mar 6, 2026Security

Question

An engineer must configure the strongest password authentication to locally authenticate on a router. Which configuration must be used?

Options

  • Ausername netadmin secret 5 $1$b1JUSkZbBS1Pyh4OzwXyZ1kSZ2
  • Busername netadmin secret $15b1JuSk404850110QzwXyZ1k SZ2
  • Cline Console 0
  • Dusername netadmin secret 9 $9$vFpMfBelbRVV8SseX/bDAxtuV

How the community answered

(23 responses)
  • A
    4% (1)
  • B
    4% (1)
  • C
    13% (3)
  • D
    78% (18)

Explanation

Password Authentication Strength on Cisco Routers

Option D is correct because secret type 9 uses the scrypt hashing algorithm, which is currently the strongest password encryption available on Cisco IOS routers - it is computationally expensive to crack and represents Cisco's most modern local authentication standard. Option A uses secret type 5 (MD5 hashing), which is significantly weaker and considered outdated due to MD5's known vulnerabilities to brute-force and rainbow table attacks. Option B contains an improperly formatted secret string with no valid type identifier, making it syntactically incorrect and not a valid Cisco configuration. Option C configures console line access but does not define any username or authentication method, making it completely irrelevant to the question.

Memory Tip:

Think "Higher number = stronger security" - Type 5 (MD5) → Type 8 (PBKDF2-SHA256) → Type 9 (scrypt) = strongest. On the exam, always select the highest secret type number available as it reflects the most modern, secure hashing algorithm Cisco supports.

Topics

#Local Authentication#Password Hashing#Cisco IOS Security#Security Best Practices

Community Discussion

No community discussion yet for this question.

Full 350-401 Practice